Lionel Elie Mamane lionel at mamane.lu
Tue Oct 17 12:59:54 CEST 2006

On Fri, Sep 29, 2006 at 08:41:46AM -0400, David Shaw wrote:
> On Fri, Sep 29, 2006 at 07:11:12AM +0200, Lionel Elie Mamane wrote:
>> On Sat, Sep 23, 2006 at 03:15:07PM +0200, Carlo Luciano Bianco wrote:

>>> I just try to summarize what I understood from this thread about
>>> OpenPGP implementation of DSA and RSA signatures, so you can correct
>>> me if I am wrong: ;-) 

>>>  - DSA does not support "firewalled hashes"

>> Not exactly. Version 3 DSA signatures lack a hash firewall. But
>> version 4 DSA signatures do have a hash firewall. The version refers
>> not to a version of DSA itself, but the version of the OpenPGP packet
>> format being used.

> This is not correct.  No DSA signatures in OpenPGP, whether v3 or
> v4, have a hash firewall.

I got that idea from this language in the RFC:

                            A V4 signature hashes the packet body
 starting from its first field, the version number, through the end of
 the hashed subpacket data. Thus, the fields hashed are the signature
 version, the signature type, the public key algorithm, the hash
 algorithm, the hashed subpacket length, and the hashed subpacket

Doesn't the fact that the they hash algorithm identifier is hashed
into what is DSA-signed establish a hash firewall?


More information about the Gnupg-devel mailing list